Further document the format and produce a rogue system update

* Truncate filesize to 20 bytes in hacked.toc (001b? IIRC)
* Add various 0x00 as well.. first 0x80... gets turned into the
compressed length but that fails.. needs to be bigger than 0x2000
to succeed.
* LZMA size and trailer overlap.. I was too lazy to add/deal with
padding so kept it short.. can be fixed...
* Modified path for /etc/rc2.d.. to extract new script

We seem lucky with file permissions.. that it is somehow executable
even if SetFileAttributes is not set...
Holger Hans Peter Freyther 2016-12-17 18:12:41 +01:00
parent 636fe4eab9
commit e680aea708
3 changed files with 11 additions and 1 deletions

@ -11,7 +11,17 @@ compressed update. The size of that area seems to be computed
as:
8 * num_diffs (maybe two CRC32?)
4 * num_insert (maybe a single CRC32)?
followed by lzma
followed by lzma... TOC of size compress_sz
LZMA again.. depends on the TOC.. delta_pos contains addr
LZMA needs to be compressed in 'alone' format and needs to have
the decompressed size in the header! 0xFF... leads to parse error
xz -F alone demo.sh
LZMA: https://github.com/nobled/xz/commit/7d17818cec8597f847b0a2537fde991bbc3d9e96
removed uncompressed_size support. So an plder version is needed..
or use the original lzma SDK
0x0000d084 in is_expected_sig ()
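Review bot: The new LZMA lines leave out the two constraints the commit message reports, the file size truncated to 20 bytes in hacked.toc and the compressed length having to be bigger than 0x2000 to succeed; since this file is the format description, add them next to "TOC of size compress_sz" so the notes and the working sample agree. In the line "So an plder version is needed.." the word should be "older", and it would help to name an xz version that still writes the decompressed size, given that the linked commit removed uncompressed_size support. The last added line, "0x0000d084 in is_expected_sig ()", has no context: say which binary the address belongs to and what was observed there, otherwise it cannot be reproduced from the notes.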

BIN
update-ec20/data/hacked.toc Executable file

Binary file not shown.

Binary file not shown.